COBIT 5 Implementation Introduction

Transcript of COBIT 5 Implementation Introduction

  • COBIT 5 Implementation (Preview Version)

  • The following pages provide a preview of the information contained in COBIT 5 Implementation. The publication provides a good-practice approach for implementing governance of enterprise IT (GEIT) based on a continual improvement life cycle tailored to suit the enterprise's specific needs. COBIT 5 Implementation is available as a complimentary PDF for members and for purchase for non-members (www.isaca.org/cobit). It is also available for purchase in hard copy by members and non-members (www.isaca.org/bookstore). We encourage you to share this preview with your enterprise leaders, team members, clients and/or consultants. COBIT enables enterprises to maximize the value and minimize the risk related to information, which has become the currency of the 21st century. COBIT 5 is a comprehensive framework of globally accepted principles, practices, analytical tools and models that can help any enterprise effectively address critical business issues related to the governance and management of information and technology. Additional information is available at www.isaca.org/cobit. Not a member? Learn the value of ISACA membership. Additional information is available at www.isaca.org/membervalue.

  • ISACA

    With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the non-profit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control™ (CRISC™) designations. ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

    Disclaimer

    ISACA has designed this publication, COBIT 5 Implementation (the Work), primarily as an educational resource for governance of enterprise IT (GEIT), assurance, risk and security professionals. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, readers should apply their own professional judgement to the specific GEIT, assurance, risk and security circumstances presented by the particular systems or information technology environment.

    Copyright 2012 ISACA. All rights reserved. For usage guidelines, see www.isaca.org/COBITuse.

    ISACA
    3701 Algonquin Road, Suite 1010
    Rolling Meadows, IL 60008 USA
    Phone: +1.847.253.1545
    Fax: +1.847.253.1443
    Email: [email protected]
    Web site: www.isaca.org

    Feedback: www.isaca.org/cobit
    Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
    Follow ISACA on Twitter: https://twitter.com/ISACANews
    Join the COBIT conversation on Twitter: #COBIT
    Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
    Like ISACA on Facebook: www.facebook.com/ISACAHQ

    COBIT 5 Implementation
    ISBN 978-1-60420-240-3
    Printed in the United States of America

  • Table of Contents

    List of Figures ..... 7

    Chapter 1. Introduction ..... 9
      Objectives and Scope of the Guide ..... 10

    Chapter 2. Positioning GEIT ..... 13
      Understanding the Context ..... 13
        What Is GEIT? ..... 13
        Why Is GEIT so Important? ..... 13
        What Should GEIT Deliver? ..... 14
      Leveraging COBIT 5 and Integrating Frameworks, Standards and Good Practices ..... 15
        Principles and Enablers ..... 16

    Chapter 3. Taking the First Steps Towards GEIT ..... 17
      Creating the Appropriate Environment ..... 17
      Applying a Continual Improvement Life Cycle Approach ..... 18
        Phase 1 - What Are the Drivers? ..... 20
        Phase 2 - Where Are We Now? ..... 20
        Phase 3 - Where Do We Want To Be? ..... 20
        Phase 4 - What Needs To Be Done? ..... 20
        Phase 5 - How Do We Get There? ..... 20
        Phase 6 - Did We Get There? ..... 20
        Phase 7 - How Do We Keep the Momentum Going? ..... 20
      Getting Started - Identify the Need to Act: Recognising Pain Points and Trigger Events ..... 21
        Typical Pain Points ..... 21
        Trigger Events in the Internal and External Environments ..... 22
        Stakeholder Involvement ..... 23
      Recognising Stakeholders' Roles and Requirements ..... 23
        Internal Stakeholders ..... 23
        External Stakeholders ..... 25
        Independent Assurance and the Role of Auditors ..... 25

    Chapter 4. Identifying Implementation Challenges and Success Factors ..... 27
      Creating the Appropriate Environment ..... 27
      Phase 1 - What Are the Drivers? ..... 27
      Phase 2 - Where Are We Now? and Phase 3 - Where Do We Want To Be? ..... 29
      Phase 4 - What Needs To Be Done? ..... 30
      Phase 5 - How Do We Get There? ..... 31
      Phase 6 - Did We Get There? and Phase 7 - How Do We Keep the Momentum Going? ..... 33

    Chapter 5. Enabling Change ..... 35
      The Need for Change Enablement ..... 35
        Change Enablement of GEIT Implementation ..... 36
      Phases in the Change Enablement Life Cycle ..... 36
        Create the Appropriate Environment ..... 36
        Phase 1 - Establish the Desire to Change ..... 37
        Phase 2 - Form an Effective Implementation Team ..... 37
        Phase 3 - Communicate Desired Vision ..... 37
        Phase 4 - Empower Role Players and Identify Quick Wins ..... 37
        Phase 5 - Enable Operation and Use ..... 38
        Phase 6 - Embed New Approaches ..... 38
        Phase 7 - Sustain ..... 38

    Chapter 6. Implementation Life Cycle Tasks, Roles and Responsibilities ..... 39
      Introduction ..... 39
      Phase 1 - What Are the Drivers? ..... 39
      Phase 2 - Where Are We Now? ..... 41
      Phase 3 - Where Do We Want To Be? ..... 44
      Phase 4 - What Needs To Be Done? ..... 47
      Phase 5 - How Do We Get There? ..... 49
      Phase 6 - Did We Get There? ..... 51
      Phase 7 - How Do We Keep the Momentum Going? ..... 53

    Chapter 7. Using the COBIT 5 Components ..... 57
      Transition Considerations for COBIT 4.1, Val IT and Risk IT Users ..... 57
      Planning and Scoping ..... 59
        Performance Measurement ..... 60
        Governance and Management Practices and Activities ..... 60
        Roles and Responsibilities ..... 60

    Appendix A. Mapping Pain Points to COBIT 5 Processes ..... 61

    Appendix B. Example Decision Matrix ..... 63

    Appendix C. Mapping Example Risk Scenarios to COBIT 5 Processes ..... 67

    Appendix D. Example Business Case ..... 71
      Executive Summary ..... 71
      Background (See chapter 2. Positioning GEIT) ..... 72
      Business Challenges (See chapter 3, section 3. Getting Started - Identify the Need to Act: Recognising Pain Points and Trigger Events) ..... 72
        Gap Analysis and Goal ..... 73
        Alternatives Considered ..... 73
      Proposed Solution ..... 73
        Phase 1. Pre-planning (See chapter 3. Taking the First Steps Towards GEIT) ..... 73
        Phase 2. Programme Implementation (See chapter 3, section 2. Applying a Continual Improvement Life Cycle Approach) ..... 74
        Programme Scope ..... 74
        Programme Methodology and Alignment (See chapter 6. Implementation Life Cycle Tasks, Roles and Responsibilities) ..... 74
        Programme Deliverables (See chapter 6. Implementation Life Cycle Tasks, Roles and Responsibilities) ..... 74
        Programme Risk (See chapter 5. Enabling Change) ..... 75
        Stakeholders (See chapter 3, section 4. Recognising Stakeholders' Roles and Requirements) ..... 75
        Cost-benefit Analysis ..... 75
        Challenges and Success Factors (See chapter 4. Identifying Implementation Challenges and Success Factors) ..... 76

    Appendix E. COBIT 4.1 Maturity Attribute Table ..... 77

  • Chapter 1. Introduction

    COBIT 5 Implementation complements COBIT 5 (figure 1). The objective of this reference guide is to provide a good-practice approach for implementing GEIT based on a continual improvement life cycle that should be tailored to suit the enterprise's specific needs.

    Figure 1 - COBIT 5 Product Family

    The COBIT 5 framework is built on five basic principles, which are covered in detail, and includes extensive guidance on enablers for governance and management of enterprise IT.

    The COBIT 5 product family includes the following products:

      • COBIT 5 (the framework)
      • COBIT 5 enabler guides, in which governance and management enablers are discussed in detail. These include:
          • COBIT 5: Enabling Processes
          • COBIT 5: Enabling Information (in development)
          • Other enabler guides (check www.isaca.org/cobit)
      • COBIT 5 professional guides, which include:
          • COBIT 5 Implementation
          • COBIT 5 for Information Security (in development)
          • COBIT 5 for Assurance (in development)
          • COBIT 5 for Risk (in development)
          • Other professional guides (check www.isaca.org/cobit)
      • A collaborative online environment, which will be available to support the use of COBIT 5

    This publication is structured as follows:

      • Chapter 2 explains positioning GEIT within an enterprise
      • Chapter 3 discusses taking the first steps towards improving GEIT
      • Chapter 4 explains implementation challenges and success factors
      • Chapter 5 discusses enabling GEIT-related organisational and behavioural change
      • Chapter 6 details implementing continual improvement that includes change enablement and programme management
      • Chapter 7 discusses using COBIT 5 and its components

    A number of appendices are also included:

      • Appendix A presents COBIT 5 processes and maps pain points to the processes
      • Appendix B provides an example decision matrix
      • Appendix C maps example risk scenarios to COBIT 5 processes
      • Appendix D provides an example business case
      • Appendix E is the COBIT 4.1 maturity attribute table

    [Figure 1 - COBIT 5 Product Family: COBIT 5 at the centre; COBIT 5 Enabler Guides (COBIT 5: Enabling Processes, COBIT 5: Enabling Information, Other Enabler Guides); COBIT 5 Professional Guides (COBIT 5 Implementation, COBIT 5 for Information Security, COBIT 5 for Assurance, COBIT 5 for Risk, Other Professional Guides); COBIT 5 Online Collaborative Environment]
